<?php
//echo$_REQUEST['geist2'],'<br />+ ',getPasswordForUser($_REQUEST['geistu']);
//md5($_SESSION['geist1'].getPasswordForUser($_REQUEST['geistu']));
//echo$_REQUEST['url'];

session_start();
auth();

function auth(){
  $reset=' <a href="#" onclick="history.go(-3)">go back to the main page</a>';
  if(isset($_SESSION['geist1	']) && isset($_REQUEST['geistu']) && isset($_REQUEST['geist2']) && isset($_REQUEST['url'])){
    if(md5($_SESSION['geist1'].getPasswordForUser($_REQUEST['geistu']))==$_REQUEST['geist2']){
      $_SESSION['auth']='tau';
      $_SESSION['user']=$_REQUEST['geistu'];
      unset($_SESSION['geist1']);
      header("Location: ".$_REQUEST['url']);
      exit;
    }
    else echo'login failed: incorrect user or password',$reset;
  }
  else echo'login failed: invalid session',$reset;
}

function getPasswordForUser($username){
$userdb=array(
"admin"=>"nimda",
"Marnix" =>"2012",
"Jeffrey"=>"passwd",
"cultuuradm"=>"CLT/tr3n");
  if(isset($userdb[$username])) return $userdb[$username];
  else return '';
}

?>